CERT-In Vulnerability Note CIVN-2008-64
“ipip6_rcv” Denial of Service Vulnerability in Linux Kernel
Original Issue Date:
May 27, 2008
Severity Rating:
High
System Affected
- Linux kernel versions prior to 2.6.25.3
Overview
A vulnerability has been reported in the Linux kernel that could be exploited by remote attackers to cause a denial of service on the affected system.
Description
A vulnerability has been reported in the Linux kernel due to a memory leak in the “ipip6_rcv” function in net/ipv6/sit.c when handling malformed packets. A remote attacker could exploit this vulnerability by sending a specially crafted IPv6 packet to the Simple Internet Transition (SIT) tunnel interface, causing a denial of service on the affected system.
Solution
Update to Linux Kernel version 2.6.25.3
http://www.kernel.org
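The following triage script is an added example, not part of the CERT-In note: it compares a kernel release string with the fixed version 2.6.25.3 and checks whether a SIT interface is present. The function names and result labels are hypothetical, interface detection assumes the default sitN naming, and a distribution kernel may carry a backported fix under an older upstream version number, so an "affected" result should be confirmed against the vendor's changelog.

```shell
#!/bin/sh
# Added example: triage a host against this advisory (CVE-2008-2136).
FIXED="2.6.25.3"   # fixed upstream release named in the advisory

# Strip distribution suffixes: "2.6.24-19-generic" -> "2.6.24".
upstream_version() { printf '%s\n' "${1%%[!0-9.]*}"; }

# Succeed (return 0) if dotted version $1 is older than $2.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}          # missing fields compare as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                          # equal versions are not "older"
}

# Print default-named SIT interfaces (sit0, sit1, ...) listed in a
# /proc/net/dev style file. Assumption: tunnels keep the sitN naming.
sit_ifaces() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*\(sit[0-9][0-9]*\):.*/\1/p' "$1"
}

# Classify a host from its kernel release string and interface list.
assess() {
    if ! version_lt "$(upstream_version "$1")" "$FIXED"; then
        echo "fixed-version"
    elif [ -n "$(sit_ifaces "$2")" ]; then
        echo "affected-sit-present"
    else
        echo "affected-no-sit"
    fi
}

# Run against the local machine when /proc is available.
if [ -r /proc/net/dev ]; then
    assess "$(uname -r)" /proc/net/dev
fi
```

A host reporting "affected-sit-present" is the case the advisory describes; "affected-no-sit" still warrants the update, because a tunnel with a custom name would not be matched.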
Vendor Information
Kernel
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3
References
SecurityFocus
http://www.securityfocus.com/bid/29235
FrSIRT
http://www.frsirt.com/english/advisories/2008/1543
X-Force
http://xforce.iss.net/xforce/xfdb/42451
CVE-Name
CVE-2008-2136
CWE-Name
CWE-399
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
